Cloud Network Defense (PowerPoint presentation transcript). Tom Byrnes, Founder & CEO, ThreatStop. 760.542.1550 x4242, www.threatstop.com.
Slide 1 (9/14/2010): Cloud Network Defense
Tom Byrnes, Founder & CEO
760.542.1550 x4242, www.threatstop.com
Slide 2: Network Forensics
Ranum: “the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.”
Slide 3: The “Fire”Wall (no text beyond the title)
Slide 4: Issues
- Time to detection: often long after the event.
- Preservation and non-repudiation of the record: often not admissible in court (logs kept on read/write storage, chain of custody).
- Certainty of actor: what machine had that IP at that time? Who was logged on?
- Volume of data: most of it is irrelevant (alerts, etc.).
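The "certainty of actor" problem on this slide is a correlation problem: a flow record names an IP and a time, and answering who sat behind it means joining that against the DHCP lease history and the logon history for the same instant. The script below is an added example, not code from the deck or from ThreatStop; the log lines, hostnames, MACs and users are constructed for it, and the line formats imitate ISC dhcpd and PAM-style syslog output but are assumptions. It deliberately refuses to answer when the address had no lease holder at that moment, or when overlapping records make the holder ambiguous, since a confident wrong attribution is worse than none.

```python
"""Correlate a DHCP lease log with a logon log to answer, for one IP and one
instant: which machine held the address, and who was logged on to it.
All sample data below is constructed (hypothetical hosts, MACs, users)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

YEAR = 2010  # syslog timestamps carry no year; assumed from the deck's date

# Constructed sample logs (formats modelled on ISC dhcpd and PAM syslog lines).
DHCP_LOG = """\
Sep 14 09:02:11 dhcp1 dhcpd: DHCPACK on 10.1.5.23 to 00:11:22:33:44:55 (alice-laptop) via eth0
Sep 14 11:45:30 dhcp1 dhcpd: DHCPRELEASE of 10.1.5.23 from 00:11:22:33:44:55 (alice-laptop) via eth0
Sep 14 11:50:02 dhcp1 dhcpd: DHCPACK on 10.1.5.23 to 66:77:88:99:aa:bb (guest-tablet) via eth0
"""
LOGON_LOG = """\
Sep 14 09:05:00 alice-laptop sshd[4101]: session opened for user alice
Sep 14 09:40:12 alice-laptop sshd[4188]: session opened for user bob
Sep 14 09:55:00 alice-laptop sshd[4188]: session closed for user bob
Sep 14 11:44:00 alice-laptop sshd[4101]: session closed for user alice
"""

TS = r"(\w{3} +\d+ \d\d:\d\d:\d\d)"
ACK_RE = re.compile(TS + r" \S+ dhcpd: DHCPACK on (\S+) to (\S+) \((\S+)\)")
REL_RE = re.compile(TS + r" \S+ dhcpd: DHCPRELEASE of (\S+) from (\S+)")
SESS_RE = re.compile(TS + r" (\S+) \S+: session (opened|closed) for user (\S+)")


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%b %d %H:%M:%S").replace(year=YEAR)


@dataclass
class Lease:
    ip: str
    mac: str
    host: str
    start: datetime
    last_ack: datetime
    end: Optional[datetime] = None  # None while the lease is still open


def build_leases(log: str, max_lease: timedelta = timedelta(hours=8)) -> list:
    """Turn DHCPACK/DHCPRELEASE events into [start, end) intervals per address."""
    leases, open_by_ip = [], {}
    for line in log.splitlines():
        if m := ACK_RE.match(line):
            ts, ip, mac, host = m.groups()
            t = parse_ts(ts)
            cur = open_by_ip.get(ip)
            if cur and cur.mac == mac:      # renewal: same holder, extend
                cur.last_ack = t
                continue
            if cur:                         # address handed to another machine
                cur.end = t
            open_by_ip[ip] = Lease(ip, mac, host, t, t)
            leases.append(open_by_ip[ip])
        elif m := REL_RE.match(line):
            ts, ip, mac = m.groups()
            cur = open_by_ip.get(ip)
            if cur and cur.mac == mac:
                cur.end = parse_ts(ts)
                del open_by_ip[ip]
    for lease in leases:
        if lease.end is None:  # no release seen: bounded by the lease lifetime
            lease.end = lease.last_ack + max_lease
    return leases


def who_had_ip(leases: list, ip: str, at: datetime):
    """(host, mac) holding `ip` at `at`; None if no lease or an ambiguous overlap."""
    hits = [l for l in leases if l.ip == ip and l.start <= at < l.end]
    if len(hits) != 1:
        return None
    return hits[0].host, hits[0].mac


def who_was_logged_on(log: str, host: str, at: datetime) -> list:
    """Users with a session open on `host` at instant `at`."""
    sessions = set()
    for line in log.splitlines():
        m = SESS_RE.match(line)
        if not m:
            continue
        ts, h, action, user = m.groups()
        if h != host or parse_ts(ts) > at:  # other host, or later than `at`
            continue
        if action == "opened":
            sessions.add(user)
        else:
            sessions.discard(user)
    return sorted(sessions)


def attribute(ip: str, at: datetime, dhcp_log=DHCP_LOG, logon_log=LOGON_LOG) -> dict:
    holder = who_had_ip(build_leases(dhcp_log), ip, at)
    if holder is None:
        return {"ip": ip, "host": None, "mac": None, "users": []}
    host, mac = holder
    return {"ip": ip, "host": host, "mac": mac,
            "users": who_was_logged_on(logon_log, host, at)}


if __name__ == "__main__":
    for hhmm in ("09:45", "11:47", "12:00"):
        at = datetime.strptime(f"2010-09-14 {hhmm}", "%Y-%m-%d %H:%M")
        print(hhmm, attribute("10.1.5.23", at))
```

The gap between the release at 11:45:30 and the next lease at 11:50:02 is the point of the exercise: a query at 11:47 returns no host, because the data cannot support one, and the 8-hour bound on an unreleased lease is an assumption that should be replaced with the DHCP server's configured lease time when this is run against real logs.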
Slide 5: Threat List Management
Diagram labels: Sensors, Users, Firewall, Standard DNS. Lists updated every 2 hours for real-time protection.
Slide 6
Filter, correlate, alert, in real time. The best event is one that didn’t happen.
Block, alert, remediate. At the very least, alert.
“We make your firewall better.”
Source IP Destination IP Destination Port Number of Attacks
F00.42.151.182 91.213.121.176 6400 972
F00.42.151.182 88.198.88.123 6400 951
F00.42.151.105 64.136.44.21 20480 599
F00.1.152.228 207.46.179.247 20480 546
F00.42.6.2 8.12.43.252 20480 444
F00.42.151.182 91.213.121.176 20480 344
F00.42.151.182 91.213.121.176 47873 342
F00.42.151.40 207.46.179.247 20480 310
F00.1.152.163 66.150.14.113 20480 297
F00.42.151.6 64.236.85.145 20480 294
F00.42.151.168 207.46.179.247 47873 282
F00.88.151.172 208.89.13.133 47873 282
F00.88.151.170 64.236.85.145 20480 280
F00.42.6.62 174.129.239.34 20480 277
F00.42.151.129 205.188.165.185 20480 221
F00.1.152.97 207.46.179.247 20480 202
F00.42.152.15 64.95.73.13 20480 188
F00.51.151.75 216.223.0.208 20480 178
F00.42.152.78 8.12.43.252 20480 170
F00.88.151.203 64.94.107.22 20480 154
F00.42.1.40 168.75.65.92 20480 154
F00.77.151.163 64.154.87.108 20480 153
F00.42.151.30 64.236.85.145 20480 153
F00.1.151.103 64.236.85.145 20480 152
F00.77.151.1 72.21.81.133 20480 148
F00.42.151.6 72.21.81.133 20480 147
F00.88.151.85 66.54.16.42 20480 146
F00.88.153.54 64.154.87.108 20480 139
F00.42.152.29 64.236.85.145 20480 132
F00.1.152.15 209.97.50.80 20480 129
F00.42.151.4 207.46.179.247 20480 127
F00.42.151.135 66.235.143.121 20480 125
F00.42.6.2 72.32.154.62 20480 125
F00.58.155.4 64.236.85.145 20480 115
F00.1.152.52 66.150.117.34 20480 114
F00.1.151.102 207.46.179.247 20480 114
F00.42.151.6 209.97.50.80 20480 114
F00.42.151.167 66.235.143.121 20480 110
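The table above is the raw material for the "filter, correlate, alert" step on this slide, and it also carries a data-quality lesson worth checking before any of it is trusted. The script below is an added example, not code from the deck or from ThreatStop: it parses a subset of the rows exactly as they appear (source addresses keep the slide's "F00" masking of the first octet), sums attacks per destination, matches destinations against a blocklist, and runs a byte-order sanity check on the port column. The observation behind that check is mine, not the slide's: 20480, 47873 and 6400 are 80, 443 and 25 with their two bytes swapped, which is what a 16-bit port field looks like when it is read in the wrong byte order. The blocklist contents are constructed for the example and imply nothing about the real owners of those addresses.

```python
"""Parse the slide's attack table, aggregate it, and sanity-check the port
column for byte-order errors. Rows are copied from the slide; the blocklist
is a constructed example value."""
from collections import Counter

TABLE = """\
Source-IP      Destination-IP  Destination-Port Number-of-Attacks
F00.42.151.182 91.213.121.176  6400  972
F00.42.151.182 88.198.88.123   6400  951
F00.42.151.105 64.136.44.21    20480 599
F00.1.152.228  207.46.179.247  20480 546
F00.42.6.2     8.12.43.252     20480 444
F00.42.151.182 91.213.121.176  20480 344
F00.42.151.182 91.213.121.176  47873 342
F00.42.151.40  207.46.179.247  20480 310
"""

# Services a port column would plausibly contain; used only for the check.
WELL_KNOWN = {25: "smtp", 53: "dns", 80: "http", 443: "https"}


def parse_table(text: str) -> list:
    """One dict per data row; the header row is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        src, dst, port, count = line.split()
        rows.append({"src": src, "dst": dst, "port": int(port), "count": int(count)})
    return rows


def swap16(port: int) -> int:
    """Swap the two bytes of a 16-bit value (network vs host byte order)."""
    return ((port & 0xFF) << 8) | (port >> 8)


def byte_swapped_ports(rows: list) -> dict:
    """Ports that are not well known as logged but become well known once
    byte-swapped, i.e. the signature of a port field decoded in the wrong
    byte order. Returns {observed_port: (decoded_port, service_name)}."""
    found = {}
    for row in rows:
        p = row["port"]
        q = swap16(p)
        if p not in WELL_KNOWN and q in WELL_KNOWN:
            found[p] = (q, WELL_KNOWN[q])
    return found


def top_destinations(rows: list, n: int = 3) -> list:
    """Destinations ranked by total attack count, as (ip, total) pairs."""
    totals = Counter()
    for row in rows:
        totals[row["dst"]] += row["count"]
    return totals.most_common(n)


def alerts(rows: list, blocklist: set) -> list:
    """The filter/correlate step: rows whose destination is on the blocklist."""
    return [(r["src"], r["dst"], r["count"]) for r in rows if r["dst"] in blocklist]


if __name__ == "__main__":
    rows = parse_table(TABLE)
    print("top destinations:", top_destinations(rows))
    print("suspect byte-swapped ports:", byte_swapped_ports(rows))
    # Constructed blocklist membership, for the example only.
    print("alerts:", alerts(rows, {"88.198.88.123"}))
```

If the check fires on every distinct port in a feed, as it does here, the fix belongs in the collector (ntohs on the port field, or the parser's endianness setting), and the affected records should be re-decoded rather than the ports trusted as logged; an alert rule keyed on "port 20480" would match nothing real.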
Slide 7: How it works (no text beyond the title)
Slide 8: Public tool (no text beyond the title)
Slide 9: Cloud Network Defense
Tom Byrnes, Founder & CEO
760.542.1550 x4242, www.threatstop.com